risk and audit plan 2007
7 pages
English

Program Evaluation and Audit
2007 RISK ASSESSMENT AND AUDIT PLAN
DRAFT – January 11, 2007
BACKGROUND
Requirements of the Standards
In the Institute of Internal Auditors’ Standards for the Professional Practice of Internal
Auditing, standard 2010 deals with audit planning, and requires, in part:
• That the chief audit executive (Director) establish risk-based audit plans to prioritize
  internal audit activities consistent with the organization’s goals.
• That the audit plan should be based on an annual risk assessment created with the
  input of senior management and the board.
This document represents the risk assessment for 2007, as well as the proposed audit plan
based on that assessment.
Process
To maximize the involvement of senior management throughout the Council, the Director
and staff representatives conducted risk assessment meetings with the management teams
for each of the Council’s Divisions. A draft was prepared to share with the Senior
Strategy Team for their information, prior to taking it to the Council’s Audit Committee
for final approval.
Overview
This document is written in three parts:
• The Council’s General Risk Environment,
• Risks Affecting Specific Program Areas,
• Proposed 2007 Planned Audit Projects.
GENERAL RISK ENVIRONMENT
The Metropolitan Council focuses on a number of policy areas:
• Environmental Services works to protect the public health and the environment by
  providing efficient and effective water resources management,
• Metro Transit provides bus and rail transit services in the region,
• Metropolitan Transportation Services oversees transportation planning for the region,
  as well as contracted transit services, opt out funding, and Metro Mobility.
• Community Development supports planning activities in communities in the region,
  and also operates a Housing and Redevelopment Authority that administers HUD
  programs for scattered sites across the metropolitan area,
• Regional Administration provides centralized support for all of the business units,
  including service areas like Finance, Human Resources and Risk Management.
In consulting with leadership across the Council, several risks emerged that are Council-
wide in nature and could affect the Council as a whole, which are summarized here to
provide a picture of the Council’s general risk environment.
Regional Growth
The Council was created as a regional planning agency for the Twin Cities Region in
1967. Even 40 years later, population growth in the Twin Cities remains high. As the
region continues to grow and expand, there is pressure on the Council and local units of
government to provide information, systems and services to handle the growth in a
productive and consistent manner.
Dedicated Funding
Voters in 2006 approved the dedication of the Motor Vehicle Sales Tax (MVST) for
transportation, no more than 60% for roads and no less than 40% for transit. The
dedication of the MVST provides an ongoing stream of funding for transit and transit-
related services for 2008 and beyond. It may help to provide critical funding for several
large projects, including the NorthStar Line and Central Corridor Light Rail. However, it
is also a funding stream that is susceptible to rapid changes in the amount collected. The
amount of MVST revenue can vary significantly from year to year, creating challenges
for the Council’s planning and budgeting.
Baby Boomer Retirements
Like many employers in the current environment, the Council has a significant number of
staff members who will be reaching eligibility for retirement in the next few years. The
years of experience and knowledge amassed by these individuals will be difficult to
rebuild or replace when they leave.
Several areas of the Council are working to prepare for transitions by documenting
procedures, providing training opportunities for potential future leaders, and conducting
workforce planning. Nonetheless, recruitment and retention of new employees along with
facilitating effective transitions when established employees leave will be a challenge for
the Council in 2007 and beyond.
Data and Technology
Technology continues to advance rapidly, having multiple effects on operations at the
Council. New automated systems and technology tools hold the promise of greater
efficiency and effectiveness, but many also create areas of vulnerability that require
careful planning and management. Some specific risks of new systems can include:
• Security of data and information – Systems are migrating to utilize interfaces with
  the worldwide web for staff and customers. The web is an effective way to collect
  and disburse information, but it can also expose the Council’s system to viruses,
  worms and other forms of malicious code.
• Much Council data is public information, but some is protected as confidential,
  private or non-public information per the Minnesota Government Data Practices
  Act. More open access to data also requires providing adequate protection for
  non-public data collected and maintained by the Council.
SPECIFIC PROGRAMMATIC/DIVISIONAL RISKS
In addition to the risks facing the Council in general, listed above, each division of the
Council anticipates risks specific to their programs and functions. Following are the risks
summarized by divisions.
Transportation (Metro Transit and Metropolitan Transportation Services)
The transit system grew significantly in 2006, reaching an estimated 74 million rides, the
highest ridership in Transit’s history. The HLRT remains very popular with commuters
and higher gas prices drove more people to consider transit in lieu of their personal
vehicles. It is a positive environment for the development of commuter rail in the
Northstar Line, and for the region’s second light rail line, in the Central Corridor. The
projects are both large and inherently risky, and as such, require careful planning and
monitoring as they are developed and then constructed and implemented. Other risks
identified by Metro Transit and Metropolitan Transportation Services are day-to-day
operational risks.
• GoTo Cards – A lengthy effort to develop a set of new fare collection tools for Metro
  Transit and the regional providers that are more automated and easier for customers
  to use is nearly complete. During the first quarter of 2007, project managers
  anticipate that the GoTo Card System will be fully operational and available to all
  transit passengers. GoTo will allow customers to pay fare by touching a smartcard to
  a screen on the bus or on the rail platform. The system also allows customers to load
  and re-load fare cards in person or over the web as well as loss reporting and tracking
  of the cards themselves. At the same time, the technology is new and when in full
  operation, problems could result including mis-collection of fares, errors in managing
  customers’ accounts, or failing to protect private customer data.
• HASTUS System – Metro Transit installed a new timekeeping and scheduling system
  in late 2006. HASTUS provides a system more tailored to the needs of a transit
  organization for timekeeping and links to PeopleSoft to process the payroll. A major
  systems transition, especially one affecting payroll, represents risks related to
  accuracy of transactions, security of data, and efficient interface with other systems.
• Contracts – Metro Transit develops and administers a significant number of large
  contracts. Within the next few years, Transit will be dealing with contracts for the
  Central Corridor Light Rail Project, Northstar Commuter Rail, and a number of bus
  and pedestrian way improvements. At the same time, Metropolitan Transportation
  Services provides all of its transit services, including Metro Mobility, through
  contracts. All contracts create some elements of risk, and require careful monitoring
  and administration.
Environmental Services
Population growth also affects Environmental Services (ES) in ensuring water quality for
the region. ES has been part of a major water quality initiative this year and will continue
working on those issues in the future. Also, there is a changing regulatory environment
that can affect the work the Division does on a day-to-day basis.
Environmental Services (ES) identified several areas of risk to its operation. First, ES
administers a significant number of contracts for construction and renovation at its sites.
Contracts carry a level of inherent risk and it has been the goal of Program Evaluation
and Audit to conduct reviews of ES contracts every 3 years.
ES also had some concerns about problems with information systems. Specifically, the
SAC database has longstanding maintenance issues that make determinations and
administration of SAC more time-consuming for staff. ES is working with Information
Services (IS) to resolve remaining issues with the database by May of 2007.
Finally, ES, like other Council divisions, participates in centralized services provided by
Regional Administration, including Finance, Human Resources, Information Services
and Communication. The costs of those services are paid according to a cost allocation
plan developed by the Finance Division more than 10 years ago. ES suggested that the
allocation might need to be revisited in light of the Council’s current programs and focus.
Community Development
Community Development (CD) also deals with the impacts of growth in the region.
Growth strains the resources the Council and other agencies provide to address housing,
economic development, and the expansion of the metropolitan region into other counties.
The Community Development Division also expressed concern about information
systems and whether they were able to maximize the utility of their information systems
for program administration.
CD reports that the system plans from local governments are progressing well, and are a
major part of the division’s workload in 2007. However, it was noted that CD administers
some grant programs, primarily for Parks, which have not been reviewed in several years.
CD has experienced several key retirements recently, and as noted in the general risk
section, managers are concerned about the effects of transition and knowledge loss on
their programs.
Regional Administration
Regional Administration (RA) noted new systems as an area of risk. Two are listed under
Metro Transit Risk. RA also cited a major upgrade of PeopleSoft Financials that occurred
during 2006. As new systems are developed and more information is widely available,
RA managers had concerns about ensuring that systems facilitate compliance with the
MGDPA and support efficient, effective administrative support for the Council and its
managers.
As with other divisions, RA expressed concern about key staff departures and the need
for workforce planning to address the coming transitions across the Council.
2007 AUDIT PLAN
Program Evaluation proposes an audit plan that is based on known risks, to provide a
reasonable assurance of adequate coverage of high-risk activities for the Council.
Assumptions
As was the case in 2006, the 2007 plan assigns 70-75% of staff time to planned projects.
The remainder of time is left open to cover requested work like emergent priorities,
urgent requests and investigations.
Due to the constriction of the labor market for audit positions, Program Evaluation and
Audit has carried a vacancy since last summer. We are working with Human Resources
to develop a class series for audit staff. Currently, all professional staff members are at
the Team Leader level, indicating a level of expertise and experience appropriate to lead
complex projects that is rare in the current labor market. In early 2007, a three-part class
series will be developed, allowing us to hire at entry levels and provide opportunities for
staff to grow into team leader positions. As this development continues, we have one
position that has been made a part-time one filled with a graduate student, who was our
summer intern. We hope to have a full-time position developed, posted and filled by
midyear. However, there will be a reduced number of hours available in 2007 due to this
change.
The plan also reflects a blend of financial reviews, program audits, and
attestation/compliance audits.
Transit Projects (Metro Transit and Metropolitan Transportation Services)
• GoTo Cards (delayed from 2006),
• HASTUS Timekeeping System (delayed from 2006),
• Bus warranties,
• Reconciliation of fuel purchased with fuel pumped,
• Tire contract,
• Property acquisition and management,
• Non-profit transit providers,
• County-provided ADA Service Cost Audits,
• Review of account code structure and management reporting for MTS
In addition, regular projects undertaken in partnership with Metro Transit will continue in
2007, including Transit Store cash audits (twice per year), Inventories (rotating annually),
and Farebox Reconciliations (3-4 times per year).
Environmental Services
• Insurance coverage in construction contracts,
• Drug and Alcohol program for FMCSA, with Human Resources.
Community Development
• Parks Grants,
• Council forecast compliance with federal requirements.
Regional Administration
• Information Systems Security – network, data, workstations,
• PeopleSoft Financials Upgrade,
• Energy Forward Pricing,
• Payroll.
Program Evaluation and Audit recommends the acceptance of this Risk Assessment and
Audit Plan for 2007. It is complete, has involved a number of managers from areas
around the Council, and it will provide a reasonable assurance of the Council’s internal
controls and overall response to risks.